DETAILED ACTION



Claims 1-19 have been presented for examination. 

Drawings 

This application has been filed with informal drawings, which are acceptable for 
examination purposes only. Formal drawings will be required for allowance. 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AIPA (pre-AIPA 35 U.S.C. 102(e)).

Claims 1-2, 4-5, 7-8, 10-11, 13-14, 16-17, and 19 are rejected under 35
U.S.C. 102(e) as being anticipated by Borella et al., (U.S. Patent No. 6,587,433 and 
Borella hereinafter). 



Claim Rejections - 35 USC § 102 

Regarding claim 1, Borella discloses a method for authorizing a command from a
user in a network device including: 

establishing a RADIUS session with the user (Col. 6, lines 40-59 and Col. 8, lines 
15-30); 

receiving a user profile for the user from an Authentication, Authorization, and 
Accounting (AAA) server, said user profile containing information regarding which 
commands the user is authorized to execute (i.e., a user profile may include a class of 
service field to indicate which class of service the packets from the user may 
utilize)(Col. 6, lines 59-67 and Col. 7, lines 1-67 and Col. 8, lines 1-15); 

storing said user profile in a memory (i.e., storing the user profile)(Col. 9, lines 
49-61); 

receiving the command (i.e. request) from the user, determining whether the 
command is authorized based on said information in said user profile stored in said 
memory, and authorizing or rejecting the command based on the results of said 
determining (i.e., authorizing the request based on user profile)(Col. 4, lines 45-67 and 
Col. 5-8, lines 1-67). 

Regarding claim 7, Borella discloses an apparatus for authorizing a command 
from a user in a network device including: 

a RADIUS session initiator (Col. 6, lines 40-59 and Col. 8, lines 15-30); 

a user profile receiver coupled to said RADIUS session initiator (i.e., a user
profile on RADIUS server may include a class of service field to indicate which class of 
service the packets from the user may utilize)(Col. 6, lines 59-67 and Col. 7, lines 1-67 
and Col. 8, lines 1-15); 

a memory, a user profile storer coupled to said user profile receiver and said 
memory (i.e., storing the user profile)(Col. 9, lines 49-61); 

a command receiver, an authorized command determiner coupled to said 
command receiver and to said memory, and a command authorizer coupled to said 
authorized command determiner (i.e., authorizing the request based on user 
profile)(Col. 4, lines 45-67 and Col. 5-8, lines 1-67). 

Regarding claim 13, Borella discloses an apparatus for authorizing a command 
from a user in a network device including: 

means for establishing a RADIUS session with the user (i.e., RAS client 
establishes a session with the RADIUS server)(Col. 6, lines 40-59 and Col. 8, lines 15- 
30); 

means for receiving a user profile for the user from an Authentication (i.e., the 
Access-Request is submitted from the client 22 to the RADIUS server 32 via the 
network 20), Authorization, and Accounting (AAA) server, said user profile containing 
information regarding which commands the user is authorized to execute (i.e., a user 
profile on RADIUS server may include a class of service field to indicate which class of 
service the packets from the user may utilize)(Col. 6, lines 59-67 and Col. 7, lines 1-67
and Col. 8, lines 1-15); 

means for storing said user profile in a memory (i.e., RADIUS server stores the 
user profile)(Col. 9, lines 49-61); 

means for receiving the command from the user (i.e., the Access-Request is 
submitted from the client 22 to the RADIUS server 32 via the network 20), means for 
determining whether the command is authorized based on said information in said user 
profile stored in said memory, and means for authorizing or rejecting the command 
based on the results of said determining (i.e., Once the RADIUS server 32 receives the 
request, it validates the sending client. A request from a client 22 for which the 
RADIUS server 32 does not have a shared secret should be silently discarded. If the 
client is valid, the RADIUS server 32 consults a database of user to find the user 
whose name matches the request. The user entry in the database contains a list of 
requirements that must be met to allow access for the user)(Col. 4, lines 45-67 and 
Col. 5-8, lines 1-67). 

Regarding claim 19, Borella discloses a program storage device readable by a 
machine, tangibly embodying a program of instructions executable by the machine to 
perform a method for authorizing a command from a user in a network device, the 
method including: 

establishing a RADIUS session with the user(Col. 6, lines 40-59 and Col. 8, lines 
15-30); 

receiving a user profile for the user from an Authentication, Authorization, and
Accounting (AAA) server, said user profile containing information regarding which 
commands the user is authorized to execute (i.e., a user profile on RADIUS server may 
include a class of service field to indicate which class of service the packets from the 
user may utilize)(Col. 6, lines 59-67 and Col. 7, lines 1-67 and Col. 8, lines 1-15); 

storing said user profile in a memory (i.e., storing the user profile)(Col. 9, lines 
49-61); 

receiving the command from the user, determining whether the command is 
authorized based on said information in said user profile stored in said memory, and 
authorizing or rejecting the command based on the results of said determining (i.e., 
authorizing the request based on user profile)(Col. 4, lines 45-67 and Col. 5-8, lines 1- 
67). 

Regarding claims 2, 8, and 14, Borella discloses wherein the network device is a 
Network Access Server (NAS) (i.e., Remote Access Server, RAS)(Col. 1, lines 18-30
and Col. 3, lines 15-67). 

Regarding claims 4, 10, and 16, Borella discloses wherein said determining 
includes comparing said command to a command set contained in said user profile and 
said authorizing includes authorizing the command if it is contained in said command 
set (i.e., Once the RADIUS server 32 receives the request, it validates the sending 
client. A request from a client 22 for which the RADIUS server 32 does not have a 
shared secret should be silently discarded. If the client is valid, the RADIUS server 32
consults a database of user to find the user whose name matches the request. The 
user entry in the database contains a list of requirements that must be met to allow 
access for the user)(Col. 4, lines 45-67 and Col. 5-8, lines 1-67). 

Regarding claims 5, 11, and 17, Borella discloses wherein said command set is a
list of previously authorized commands (i.e., If the client is valid, the RADIUS server 32 
consults a database of user to find the user whose name matches the request. The 
user entry in the database contains a list of requirements that must be met to allow 
access for the user)(Col. 4, lines 45-67 and Col. 5-8, lines 1-67). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 6, 12, and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Borella et al., (U.S. Patent No. 6,587,433 and Borella hereinafter), in view of 
Theimer et al., (U.S. Patent No. 5,555,376 and Theimer hereinafter). 

Teachings of Borella have been discussed previously.

Regarding claims 6, 12 and 18, Borella does not expressly disclose wherein said 
command set is described by regular expressions. 

However, Theimer discloses wherein said command set is described by regular 
expressions (i.e., command sets are described by regular expressions and pattern 
matching is used to determine whether or not a given tuple has been defined in the user 
profile)(Col. 16, lines 50-67).

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Borella with the teachings of 
Theimer because it would allow to include command sets that are described by regular 
expressions with the motivation to provide for a pattern matching technique with 
considerable amount of flexibility (Theimer, Col. 16, lines 50-67 and Col. 17, 1-10). 

Claims 3, 9, and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Borella et al., (U.S. Patent No. 6,587,433 and Borella hereinafter) and Malkin et al., 
(U.S. Patent No. 6,061,650 and Malkin hereinafter), in view of Torres et al., (U.S. Patent 
No. 5,897,635 and Torres hereinafter). 

Teachings of Borella have been discussed previously. 

Regarding claims 3, 9, and 15, Borella does not expressly disclose the process 
of terminating the RADIUS session. 

However, Malkin discloses further including the process of terminating a RADIUS
session (i.e., deregisters the tunnel if the PPP connection with the remote node 
terminates prior to the expiration of the tunnel)(Col. 5, lines 40-50). 

The combined teaching of Borella and Malkin does not expressly disclose 
purging said user profile from said memory when said RADIUS session is terminated. 

However, Torres discloses purging said user profile from said memory (Col. 3, 
lines 10-35). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Borella with the teachings of 
Malkin because it would allow including the process of terminating a RADIUS session 
with the motivation to deregister the tunnel if the PPP connection with the remote node 
terminates prior to the expiration of the tunnel (Malkin, Col. 5, lines 40-50) and modify 
the combined teachings of Borella and Malkin with the teachings of Torres because it 
would allow purging said user profile from said memory with the motivation to provide 
for a technique where a single, centralized file contains information about users and 
applications and the file can be readily, easily, and efficiently modified through a 
customization user interface to add, delete, and/or update user and application 
information or to tailor user compute environments (Torres, Col. 3, lines 1-6). 

Conclusion



The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Sitaraman et al., (U.S. Patent No. 6,301,618), 
Sitaraman et al., (U.S. Patent No. 6,466,977), 
Blair, (U.S. Patent No. 6,141,687), 
Reiche, (U.S. Patent No. 6,092,196), and 
He, (U.S. Patent No. 5,944,824). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Arezoo Sherkat whose telephone number is (703) 305- 
8749. The examiner can normally be reached on 8:00-4:30 Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (703) 305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Arezoo Sherkat 
Patent Examiner 
Technology Center 2100 
April 26, 2004 